klingon | 1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574 | Triage

Submit
Reports

Overview

overview

Static

static

1be0fa9406...74.exe

windows7_x64

1be0fa9406...74.exe

windows10_x64

Sharing

General

Target

1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574
Size

7.2MB
Sample

210810-rak3apmmw2
MD5

9cd27149543000c7f93e9943ecb9847e
SHA1

44ac42e9cfed91c80fb92600d522b674edbd3253
SHA256

1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574
SHA512

f17dfb4095d094bfd8cc01e639bbf518798b700ebf2959cc8fe224beeca7e458a758c22d11fe0c45daff8cbe3ce1dcabb67f2969179ad27af99b2cef6c4549ec

Score

10^/10

klingon persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574.exe

Resource

win7v20210410

klingon persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574.exe

Resource

win10v20210408

klingon persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574
- Size
  
  7.2MB
- MD5
  
  9cd27149543000c7f93e9943ecb9847e
- SHA1
  
  44ac42e9cfed91c80fb92600d522b674edbd3253
- SHA256
  
  1be0fa9406c29a7abda87efbc7af4a6b1537d03cd5bdfc9f7c1e83d7deeaf574
- SHA512
  
  f17dfb4095d094bfd8cc01e639bbf518798b700ebf2959cc8fe224beeca7e458a758c22d11fe0c45daff8cbe3ce1dcabb67f2969179ad27af99b2cef6c4549ec
Score

10^/10

klingon persistence trojan
- Klingon
  Klingon is a remote access trojan written in Golang with various capabilities.
  trojan klingon
- Klingon RAT Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

klingonpersistencetrojan

behavioral2

klingonpersistencetrojan

© 2018-2024

Terms | Privacy